The Java security system is, at its core, a fully pluggable system of interfaces and classes that allows security providers to plug in concrete implementations of security algorithms for the system's use.
The providers register their implementations in two ways:
- By declaratively listing the java.security.Provider class implementations in the java.security file.
- By dynamically registering them with the java.security.Security class.
Each provider is essentially a java.util.Properties implementation, which specifies the particular algorithms that it supports using a fixed naming convention. For instance, adding a key of KeyStore.IBMCS with a value of com.ibm.rcp.security.IBMCSKeyStore to a provider's capability map means that an instance of that class will be created when KeyStore.getInstance("IBMCS") is called. This model is used for almost all of the SPIs in the security infrastructure that Java provides.
The Java 1.4.2 and Java 1.5 java.security.Provider class allows you to specify algorithms in the format described above, each linked to a single string that is the classname of an implementation of the associated SPI.
The core Security classes query the capability map of each installed provider for the first one that supports the requested algorithm, and instantiate the class named by that key's value using Class.forName(). This means Java expects those classes to be available in the lowest levels of the classloader hierarchy, at a minimum in the %JRE_HOME%/lib/ext.
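As an added illustration (not IBM's or Lotus Expeditor's code), the Java program below registers a hypothetical provider dynamically, resolves an algorithm through it, and then lists which class each installed provider maps to its KeyStore entries, in preference order. The names ProviderMapDemo, DemoProvider, DemoDigest and the DEMO algorithm are assumptions made for the example, which uses the MessageDigest SPI rather than KeyStore because that SPI has fewer methods to implement.

```java
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.Provider;
import java.security.Security;
import java.util.Map;

public class ProviderMapDemo {
    // Hypothetical SPI implementation: a toy XOR "digest" with no security value,
    // present only so the provider lookup has a class to instantiate.
    public static final class DemoDigest extends MessageDigestSpi {
        private byte acc;
        public DemoDigest() {}
        @Override protected void engineUpdate(byte b) { acc ^= b; }
        @Override protected void engineUpdate(byte[] in, int off, int len) {
            for (int i = off; i < off + len; i++) acc ^= in[i];
        }
        @Override protected byte[] engineDigest() { byte[] out = { acc }; acc = 0; return out; }
        @Override protected void engineReset() { acc = 0; }
    }

    // Hypothetical provider: the capability map is a set of Properties entries
    // of the form "<SPI type>.<algorithm>" -> implementation class name.
    public static final class DemoProvider extends Provider {
        public DemoProvider() {
            // (String, double, String) constructor: deprecated since Java 9 but still available.
            super("DemoProvider", 1.0, "constructed example provider");
            put("MessageDigest.DEMO", DemoDigest.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        // Dynamic registration: appended after the providers listed in java.security.
        Security.addProvider(new DemoProvider());

        MessageDigest md = MessageDigest.getInstance("DEMO");
        System.out.println("DEMO resolved by: " + md.getProvider().getName());

        // Audit: the first provider in this order that holds a key wins the lookup.
        for (Provider p : Security.getProviders()) {
            for (Map.Entry<Object, Object> e : p.entrySet()) {
                String key = String.valueOf(e.getKey());
                boolean wanted = key.startsWith("KeyStore.") || key.equals("MessageDigest.DEMO");
                if (wanted && key.indexOf(' ') < 0) {   // skip attribute keys such as "... ImplementedIn"
                    System.out.println(p.getName() + ": " + key + " -> " + e.getValue());
                }
            }
        }
    }
}
```

Because the first matching provider wins, the printed order shows which implementation class an application actually receives for each algorithm name.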
In order to install security algorithms, a subclass of java.security.Provider must be installed on the classpath; it is responsible for enumerating the algorithms that are backed by implementations within the plug-in. The provider implementation must then be added to the list of installed providers in the java.security file. The Lotus® Expeditor provider implementation is com.ibm.rcp.security.ServiceProvider, and it returns a set of algorithms that are targeted to proxy implementations of each required SPI. Lotus Expeditor 6.2 supports the following Java SPI model proxying implementations: